[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 16 09:10:26 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6af95ce2 by security tracker role at 2022-09-16T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2022-3230
+	RESERVED
+CVE-2022-3229
+	RESERVED
+CVE-2022-3228
+	RESERVED
 CVE-2022-40742
 	RESERVED
 CVE-2022-40741
@@ -3419,12 +3425,12 @@ CVE-2022-39217
 	RESERVED
 CVE-2022-39216
 	RESERVED
-CVE-2022-39215
-	RESERVED
+CVE-2022-39215 (Tauri is a framework for building binaries for all major desktop platf ...)
+	TODO: check
 CVE-2022-39214
 	RESERVED
-CVE-2022-39213
-	RESERVED
+CVE-2022-39213 (go-cvss is a Go module to manipulate Common Vulnerability Scoring Syst ...)
+	TODO: check
 CVE-2022-39212
 	RESERVED
 CVE-2022-39211
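Review bot: CVE-2022-39215 (Tauri) and CVE-2022-39213 (go-cvss) are left at `TODO: check`, and both descriptions name developer components (a framework for building binaries and a Go module) rather than end products. Triage should search the archive and the ITP/RFP bug lists for a matching source package before either entry is closed as NOT-FOR-US.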
@@ -4464,8 +4470,8 @@ CVE-2022-38816
 	RESERVED
 CVE-2022-38815
 	RESERVED
-CVE-2022-38814
-	RESERVED
+CVE-2022-38814 (A stored cross-site scripting (XSS) vulnerability in the auth_settings ...)
+	TODO: check
 CVE-2022-38813
 	RESERVED
 CVE-2022-38812 (AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. ...)
@@ -4710,6 +4716,7 @@ CVE-2022-2999
 	RESERVED
 CVE-2022-2998
 	RESERVED
+	{DSA-5212-1}
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2300
@@ -6151,8 +6158,8 @@ CVE-2022-38336
 	RESERVED
 CVE-2022-38335
 	RESERVED
-CVE-2022-38334
-	RESERVED
+CVE-2022-38334 (XPDF v4.04 was discovered to contain a stack overflow via the function ...)
+	TODO: check
 CVE-2022-38333
 	RESERVED
 CVE-2022-38332
@@ -10635,16 +10642,16 @@ CVE-2022-36538
 	RESERVED
 CVE-2022-36537 (ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows atta ...)
 	NOT-FOR-US: ZK Framework
-CVE-2022-36536
-	RESERVED
+CVE-2022-36536 (An issue in the component post_applogin.php of Super Flexible Software ...)
+	TODO: check
 CVE-2022-36535
 	RESERVED
-CVE-2022-36534
-	RESERVED
-CVE-2022-36533
-	RESERVED
-CVE-2022-36532
-	RESERVED
+CVE-2022-36534 (Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x ...)
+	TODO: check
+CVE-2022-36533 (Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x ...)
+	TODO: check
+CVE-2022-36532 (Bolt CMS contains a vulnerability in version 5.1.12 and below that all ...)
+	TODO: check
 CVE-2022-36531
 	RESERVED
 CVE-2022-36530 (An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerabi ...)
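Review bot: CVE-2022-36534 and CVE-2022-36533 both name Syncovery 9 for Linux from Super Flexible Software, and CVE-2022-36536 names the same vendor, so these three `TODO: check` entries should be triaged together and end up with one identical tag string. CVE-2022-36532 (Bolt CMS) is a different product and needs its own check.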
@@ -11967,10 +11974,10 @@ CVE-2022-36077
 	RESERVED
 CVE-2022-36076 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...)
 	NOT-FOR-US: NodeBB
-CVE-2022-36075
-	RESERVED
-CVE-2022-36074
-	RESERVED
+CVE-2022-36075 (Nextcloud files access control is a nextcloud app to manage access con ...)
+	TODO: check
+CVE-2022-36074 (Nextcloud server is an open source personal cloud product. Affected ve ...)
+	TODO: check
 CVE-2022-36073 (RubyGems.org is the Ruby community gem host. A bug in password & e ...)
 	NOT-FOR-US: RubyGems.org is the Ruby community gem host
 CVE-2022-36072 (SilverwareGames.io is a social network for users to play video games o ...)
@@ -13619,8 +13626,8 @@ CVE-2022-35417
 	RESERVED
 CVE-2022-35416 (H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang co ...)
 	NOT-FOR-US: H3C SSL VPN
-CVE-2022-35415
-	RESERVED
+CVE-2022-35415 (An improper input validation in NI System Configuration Manager before ...)
+	TODO: check
 CVE-2022-35414 (** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an  ...)
 	{DLA-3099-1}
 	- qemu 1:7.1+dfsg-1 (unimportant; bug #1014958)
@@ -15214,6 +15221,7 @@ CVE-2022-2257 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ...
 CVE-2022-2256 (A Stored Cross-site scripting (XSS) vulnerability was found in keycloa ...)
 	NOT-FOR-US: Keycloak
 CVE-2022-2255 (A vulnerability was found in mod_wsgi. The X-Client-IP header is not r ...)
+	{DLA-3111-1}
 	- mod-wsgi 4.9.0-1.1 (bug #1016476)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100563
 	NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/af3c0c2736bc0b0b01fa0f0aad3c904b7fa9c751 (4.9.3)
@@ -17429,8 +17437,8 @@ CVE-2022-34004
 	RESERVED
 CVE-2022-34003
 	RESERVED
-CVE-2022-34002
-	RESERVED
+CVE-2022-34002 (The ‘document’ parameter of PDS Vista 7’s /applicati ...)
+	TODO: check
 CVE-2022-34001 (Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronousl ...)
 	NOT-FOR-US: Unit4
 CVE-2022-34000 (libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init ...)
@@ -30937,8 +30945,8 @@ CVE-2022-29241 (Jupyter Server provides the backend (i.e. the core services, API
 	- jupyter-server 1.17.1-1 (bug #1013271)
 	[bullseye] - jupyter-server <no-dsa> (Minor issue)
 	NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g
-CVE-2022-29240
-	RESERVED
+CVE-2022-29240 (Scylla is a real-time big data database that is API-compatible with Ap ...)
+	TODO: check
 CVE-2022-29239
 	RESERVED
 CVE-2022-29238 (Jupyter Notebook is a web-based notebook environment for interactive c ...)
@@ -35839,8 +35847,8 @@ CVE-2022-27563 (An unauthenticated user can overload a part of HCL VersionVault
 	NOT-FOR-US: HCL
 CVE-2022-27562
 	RESERVED
-CVE-2022-27561
-	RESERVED
+CVE-2022-27561 (There is a reflected Cross-Site Scripting vulnerability in the HCL Tra ...)
+	TODO: check
 CVE-2022-27560 (HCL VersionVault Express exposes administrator credentials. ...)
 	NOT-FOR-US: HCL
 CVE-2022-27559
@@ -37643,8 +37651,8 @@ CVE-2022-26961
 	RESERVED
 CVE-2022-26960 (connector.minimal.php in std42 elFinder through 2.1.60 is affected by  ...)
 	NOT-FOR-US: std42 elFinder
-CVE-2022-26959
-	RESERVED
+CVE-2022-26959 (There are two full (read/write) Blind/Time-based SQL injection vulnera ...)
+	TODO: check
 CVE-2022-26958
 	RESERVED
 CVE-2022-26957
@@ -41074,12 +41082,12 @@ CVE-2022-25710
 	RESERVED
 CVE-2022-25709
 	RESERVED
-CVE-2022-25708
-	RESERVED
+CVE-2022-25708 (Memory corruption in WLAN due to buffer copy without checking size of  ...)
+	TODO: check
 CVE-2022-25707
 	RESERVED
-CVE-2022-25706
-	RESERVED
+CVE-2022-25706 (Information disclosure in Bluetooth driver due to buffer over-read whi ...)
+	TODO: check
 CVE-2022-25705
 	RESERVED
 CVE-2022-25704
@@ -41098,28 +41106,28 @@ CVE-2022-25698
 	RESERVED
 CVE-2022-25697
 	RESERVED
-CVE-2022-25696
-	RESERVED
+CVE-2022-25696 (Memory corruption in display due to time-of-check time-of-use race con ...)
+	TODO: check
 CVE-2022-25695
 	RESERVED
 CVE-2022-25694
 	RESERVED
-CVE-2022-25693
-	RESERVED
+CVE-2022-25693 (Memory corruption in graphics due to use-after-free while graphics pro ...)
+	TODO: check
 CVE-2022-25692
 	RESERVED
 CVE-2022-25691
 	RESERVED
-CVE-2022-25690
-	RESERVED
+CVE-2022-25690 (Information disclosure in WLAN due to improper validation of array ind ...)
+	TODO: check
 CVE-2022-25689
 	RESERVED
-CVE-2022-25688
-	RESERVED
+CVE-2022-25688 (Memory corruption in video due to buffer overflow while parsing ps vid ...)
+	TODO: check
 CVE-2022-25687
 	RESERVED
-CVE-2022-25686
-	RESERVED
+CVE-2022-25686 (Memory corruption in video module due to buffer overflow while process ...)
+	TODO: check
 CVE-2022-25685
 	RESERVED
 CVE-2022-25684
@@ -41150,10 +41158,10 @@ CVE-2022-25672
 	RESERVED
 CVE-2022-25671
 	RESERVED
-CVE-2022-25670
-	RESERVED
-CVE-2022-25669
-	RESERVED
+CVE-2022-25670 (Denial of service in WLAN HOST due to buffer over read while unpacking ...)
+	TODO: check
+CVE-2022-25669 (Denial of service in video due to buffer over read while parsing MP4 c ...)
+	TODO: check
 CVE-2022-25668 (Memory corruption in video driver due to double free while parsing ASF ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-25667
@@ -41178,16 +41186,16 @@ CVE-2022-25658 (Memory corruption due to incorrect pointer arithmetic when attem
 	NOT-FOR-US: Qualcomm
 CVE-2022-25657 (Memory corruption due to buffer overflow occurs while processing inval ...)
 	NOT-FOR-US: Qualcomm
-CVE-2022-25656
-	RESERVED
+CVE-2022-25656 (Possible integer overflow and memory corruption due to improper valida ...)
+	TODO: check
 CVE-2022-25655
 	RESERVED
-CVE-2022-25654
-	RESERVED
-CVE-2022-25653
-	RESERVED
-CVE-2022-25652
-	RESERVED
+CVE-2022-25654 (Memory corruption in kernel due to improper input validation while pro ...)
+	TODO: check
+CVE-2022-25653 (Information disclosure in video due to buffer over-read while processi ...)
+	TODO: check
+CVE-2022-25652 (Cryptographic issues in BSP due to improper hash verification in Snapd ...)
+	TODO: check
 CVE-2022-25651 (Memory corruption in bluetooth host due to integer overflow while proc ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2022-25650 (A vulnerability has been identified in Mendix Applications using Mendi ...)
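Review bot: The four new `TODO: check` entries (CVE-2022-25656, CVE-2022-25654, CVE-2022-25653, CVE-2022-25652) sit between entries tagged `NOT-FOR-US: Qualcomm` and `NOT-FOR-US: Qualcomm components for Android`, so the context in this hunk already carries two label variants. When these are triaged, reuse one existing label rather than introducing another spelling.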
@@ -55264,8 +55272,8 @@ CVE-2022-22107 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to
 	NOT-FOR-US: DayByDay CRM
 CVE-2022-22106 (Memory corruption in multimedia due to improper length check while cop ...)
 	NOT-FOR-US: Snapdragon
-CVE-2022-22105
-	RESERVED
+CVE-2022-22105 (Memory corruption in bluetooth due to integer overflow while processin ...)
+	TODO: check
 CVE-2022-22104 (Memory corruption in multimedia due to improper check on the messages  ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-22103 (Memory corruption in multimedia driver due to double free while proces ...)
@@ -55284,20 +55292,20 @@ CVE-2022-22097 (Memory corruption in graphic driver due to use after free while
 	NOT-FOR-US: Snapdragon
 CVE-2022-22096 (Memory corruption in Bluetooth HOST due to stack-based buffer overflow ...)
 	NOT-FOR-US: Qualcomm
-CVE-2022-22095
-	RESERVED
-CVE-2022-22094
-	RESERVED
-CVE-2022-22093
-	RESERVED
-CVE-2022-22092
-	RESERVED
-CVE-2022-22091
-	RESERVED
+CVE-2022-22095 (Memory corruption in synx driver due to use-after-free condition in th ...)
+	TODO: check
+CVE-2022-22094 (memory corruption in Kernel due to race condition while getting mappin ...)
+	TODO: check
+CVE-2022-22093 (Memory corruption or temporary denial of service due to improper handl ...)
+	TODO: check
+CVE-2022-22092 (Memory corruption in kernel due to use after free issue in Snapdragon  ...)
+	TODO: check
+CVE-2022-22091 (Improper authorization of a replayed LTE security mode command can lea ...)
+	TODO: check
 CVE-2022-22090 (Memory corruption in audio due to use after free while managing buffer ...)
 	NOT-FOR-US: Snapdragon
-CVE-2022-22089
-	RESERVED
+CVE-2022-22089 (Memory corruption in audio while playing record due to improper list h ...)
+	TODO: check
 CVE-2022-22088
 	RESERVED
 CVE-2022-22087 (memory corruption in video due to buffer overflow while parsing mkv cl ...)
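Review bot: CVE-2022-22091 should not be batch-tagged with its neighbours on the strength of the truncated text: it describes improper authorization of a replayed LTE security mode command, while the other five new entries in this hunk (CVE-2022-22095 to CVE-2022-22092 and CVE-2022-22089) are memory corruption issues. Read the full description of each before applying the `NOT-FOR-US: Snapdragon` or `NOT-FOR-US: Qualcomm` tag that the surrounding entries use.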
@@ -55312,8 +55320,8 @@ CVE-2022-22083 (Denial of service due to memory corruption while extracting ape
 	NOT-FOR-US: Snapdragon
 CVE-2022-22082 (Memory corruption due to possible buffer overflow while parsing DSF he ...)
 	NOT-FOR-US: Snapdragon
-CVE-2022-22081
-	RESERVED
+CVE-2022-22081 (Memory corruption in audio module due to integer overflow in Snapdrago ...)
+	TODO: check
 CVE-2022-22080 (Improper validation of backend id in PCM routing process can lead to m ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-22079
@@ -55326,8 +55334,8 @@ CVE-2022-22076
 	RESERVED
 CVE-2022-22075
 	RESERVED
-CVE-2022-22074
-	RESERVED
+CVE-2022-22074 (Memory Corruption during wma file playback due to integer overflow in  ...)
+	TODO: check
 CVE-2022-22073
 	RESERVED
 CVE-2022-22072 (Buffer overflow can occur due to improper validation of NDP applicatio ...)
@@ -55342,8 +55350,8 @@ CVE-2022-22068 (kernel event may contain unexpected content which is not generat
 	NOT-FOR-US: Snapdragon
 CVE-2022-22067 (Potential memory leak in modem during the processing of NSA RRC Reconf ...)
 	NOT-FOR-US: Snapdragon
-CVE-2022-22066
-	RESERVED
+CVE-2022-22066 (Memory corruption occurs while processing command received from HLOS d ...)
+	TODO: check
 CVE-2022-22065 (Out of bound read in WLAN HOST due to improper length check can lead t ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-22064 (Possible buffer over read due to lack of size validation while unpacki ...)
@@ -126022,18 +126030,22 @@ CVE-2020-35534 (In LibRaw, there is a memory corruption vulnerability within the
 	NOTE: https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8 (0.20-RC2)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/279
 CVE-2020-35533 (In LibRaw, an out-of-bounds read vulnerability exists within the "LibR ...)
+	{DLA-3113-1}
 	- libraw 0.20.0-4
 	NOTE: https://github.com/LibRaw/LibRaw/commit/a6937d4046a7c4742b683a04c8564605fd9be4fb (0.20-RC2)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/273
 CVE-2020-35532 (In LibRaw, an out-of-bounds read vulnerability exists within the "simp ...)
+	{DLA-3113-1}
 	- libraw 0.20.0-4
 	NOTE: https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e (0.20-RC2)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/271
 CVE-2020-35531 (In LibRaw, an out-of-bounds read vulnerability exists within the get_h ...)
+	{DLA-3113-1}
 	- libraw 0.20.0-4
 	NOTE: https://github.com/LibRaw/LibRaw/commit/d75af00681a74dcc8b929207eb895611a6eceb68 (0.20-RC2)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/270
 CVE-2020-35530 (In LibRaw, there is an out-of-bounds write vulnerability within the "n ...)
+	{DLA-3113-1}
 	- libraw 0.20.0-4
 	NOTE: https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb (0.20-RC2)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/272
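Review bot: `{DLA-3113-1}` is added to CVE-2020-35533 through CVE-2020-35530, but the header of CVE-2020-35534, whose NOTE lines open this hunk, lies above the visible context, so it cannot be confirmed from here whether that LibRaw issue is covered by the same advisory. Worth checking it against the DLA's CVE list, since its upstream fix is also marked 0.20-RC2.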
@@ -147422,28 +147434,28 @@ CVE-2020-23562 (IrfanView 4.54 allows a user-mode write access violation startin
 	NOT-FOR-US: Irfanview
 CVE-2020-23561 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
 	NOT-FOR-US: Irfanview
-CVE-2020-23560
-	RESERVED
-CVE-2020-23559
-	RESERVED
-CVE-2020-23558
-	RESERVED
-CVE-2020-23557
-	RESERVED
-CVE-2020-23556
-	RESERVED
-CVE-2020-23555
-	RESERVED
-CVE-2020-23554
-	RESERVED
-CVE-2020-23553
-	RESERVED
-CVE-2020-23552
-	RESERVED
-CVE-2020-23551
-	RESERVED
-CVE-2020-23550
-	RESERVED
+CVE-2020-23560 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+	TODO: check
+CVE-2020-23559 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+	TODO: check
+CVE-2020-23558 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+	TODO: check
+CVE-2020-23557 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+	TODO: check
+CVE-2020-23556 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+	TODO: check
+CVE-2020-23555 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+	TODO: check
+CVE-2020-23554 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+	TODO: check
+CVE-2020-23553 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+	TODO: check
+CVE-2020-23552 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+	TODO: check
+CVE-2020-23551 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+	TODO: check
+CVE-2020-23550 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+	TODO: check
 CVE-2020-23549 (IrfanView 4.54 allows attackers to cause a denial of service or possib ...)
 	NOT-FOR-US: IrfanView
 CVE-2020-23548
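Review bot: The eleven entries CVE-2020-23560 to CVE-2020-23550 get identical truncated descriptions and `TODO: check`, and the context lines already tag the same product two ways: `NOT-FOR-US: Irfanview` (CVE-2020-23562, CVE-2020-23561) and `NOT-FOR-US: IrfanView` (CVE-2020-23549). Triage the batch in one pass and use a single spelling, otherwise a case-sensitive search on the tag will miss part of the set.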



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6af95ce2a11943aec3112c27829121a4f2119c72
